Software Integrity

Archive for the 'Agile, CI/CD & DevOps' Category

 

Automation: One of the keys to DevSecOps

Automation is one of the keys to consistent and meaningful AppSec adoption in an evolving world. Many organizations have taken the first step in integrating their development and operations teams to drive more efficient delivery of applications and innovation to the market. They have come a long way by aligning around the shared goal of […]


Posted in Agile, CI/CD & DevOps, Featured, Maturity Model (BSIMM)

 

Webinar: Cloud DevSecOps with Synopsys and AWS

Automation in the cloud can help you build faster and deliver continuously, but it can also make managing security a challenge. By integrating Black Duck by Synopsys with the development tools you use in Amazon Web Services, you can scan images in your container registry, automate build scans in your CI pipeline, and stay notified […]


Posted in Agile, CI/CD & DevOps, Cloud Security, Webinar

 

Webinar: Static analysis helps DevOps teams maintain velocity securely

Static application security testing (SAST) is the process of examining source code for security defects. SAST is one of many checks in an application security assurance program designed to find and fix security vulnerabilities early in the DevOps process. Integrating SAST into DevOps is critical to building a sustainable program. And automating your SAST tools […]


Posted in Agile, CI/CD & DevOps, Static Analysis (SAST), Webinar

 

Webinar: Using Security Champions to build a DevSecOps culture within your organization

Development and operations teams have already come a long way by aligning around the shared goal of delivering stable, high-quality software quickly. They’ve automated manual processes and built tools into continuous integration and continuous delivery (CI/CD) pipelines. In doing so, they’ve increased trust between groups, which is essential as these once-disparate teams tackle critical issues […]


Posted in Agile, CI/CD & DevOps, Security Training, Webinar

 

The intersection between IAST and SCA and why you need both in your security toolkit

Two powerful yet relatively new technologies in application security testing are interactive application security testing (IAST) and software composition analysis (SCA). IAST solutions are designed to help organizations identify and manage security risks associated with vulnerabilities discovered in running web applications using dynamic testing (a.k.a. runtime testing) techniques. SCA, a term coined by market analysts, […]


Posted in Agile, CI/CD & DevOps, Interactive Application Security Testing (IAST), Software Composition Analysis

 

Securing applications with Coverity’s static analysis results

This is the third post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in previous posts, developers are more likely to use SAST tools to improve application security when they integrate seamlessly into existing development workflows. While integration into […]


Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)

 

Integrating Coverity static analysis into development workflows

This is the second post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in the previous blog post, static analysis is more likely to have a significant impact on application security when it supports the goals of developers, rather […]


Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)

 

Making the skies safe and secure with DO-178C compliance

A little background on DO-178: We live with software failure every day—from cell phones and laptops that crash or hang to headline-grabbing stories of personal data breaches. Software has been used in safety-critical airborne applications for decades, but fatalities caused by software are unheard of in civil aviation. Why this difference? The reason is the […]


Posted in Agile, CI/CD & DevOps, Static Analysis (SAST), Weekly Security Mashup

 

Common security challenges in CI/CD workflows

In a recent webinar that I co-presented with Jay Lyman, principal cloud management and container analyst at 451 Research, we had the opportunity to discuss the realities and opportunities that exist in DevSecOps. Real security challenges: In the Q&A portion of the webinar, attendees posed questions about how to solve the problem of building security […]


Posted in Agile, CI/CD & DevOps

 

Enable DevSecOps with Coverity: deliver secure code, faster

The timeless demand to reduce time to market has put DevOps in a position to solidify itself as a defining characteristic of modern SDLCs. While the need to accelerate software development is as old as software development itself, the need to produce secure software is currently gaining traction in light of recent software security blunders. […]


Posted in Agile, CI/CD & DevOps